IT Cybersecurity & Risk Management Specialist

• Develop, implement and maintain the Group Cybersecurity Strategy, aligned with international frameworks (ISO 27001, NIST, CIS);
• Design and maintain the group’s Information Security Management System (ISMS);
• Define and enforce security policies, controls and user behaviour standards across all regions and offices.

• Conduct regular IT risk assessments across infrastructure, networks, and cloud platforms;
• Define and monitor the group’s cyber risk register and treatment plans;
• Identify, evaluate and mitigate insider and external threats in partnership with operational teams.

• Implement and manage SIEM tools, endpoint detection, and anomaly detection platforms;
• Lead incident response planning, execution and post-mortems; manage breach simulations and penetration testing;
• Ensure clear, timely reporting to Group IT Director and Risk Committees on incidents and posture.

• Support audits and assessments relating to GDPR, ISO 27001, data privacy, and ITGC controls;
• Collaborate with Finance and Legal to support audit readiness and remediation actions;
• Maintain up-to-date knowledge of relevant cybersecurity laws in the UK, EU, and operational jurisdictions.

• Lead group-wide cybersecurity awareness campaigns and mandatory staff training;
• Work with HR and IT to implement secure onboarding/offboarding, privileged access reviews, and acceptable use policies;
• Embed a culture of cyber accountability across functions.

• Administer Azure AD PIM and manage role-based access across Microsoft 365, on-premises, and third-party apps;
• Ensure least-privilege access, regular entitlement reviews, and secure identity lifecycle management.

• Serve as a trusted advisor to regional IT leads and business unit heads on cybersecurity matters;
• Coordinate with the Group IT Director and General Management on cyber risk reports, board updates, and governance deliverables;
• Oversee security requirements for IT projects, vendor selection, and solution architecture.

• Minimum 7–10 years’ experience in cybersecurity, information security governance or risk advisory;
• Strong knowledge of network security, identity protection, endpoint security, Microsoft cloud security stack;
• Hands-on experience with ISO 27001, NIST CSF, GDPR, and/or local regulatory frameworks;
• Experience with Microsoft Defender Suite, Purview (Insider Risk), Sentinel, Intune or equivalent;
• Recognised certifications: CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or Microsoft SC Series;
• Proven ability to operate in cross-cultural, fast-paced environments with high operational integrity.

• Strong analytical thinking and risk-based decision-making;
• Excellent written and verbal communication (English essential, Russian desirable);
• Resilient, pragmatic, and business-minded in cyber leadership;
• Able to influence without authority and present complex security topics to non-technical stakeholders.

HeadHunter